At the Tanglewood Practice, we take the responsibility of your personal data very seriously, and we are committed to respecting and protecting your privacy. The following Privacy Statement has been developed in order to be in line with the General Data Protection Regulations (GDPR) in effect from Friday 25th May 2018. This statement lets you know how we handle the information you give us, and what we do with it.
What data do we collect?
We collect personal data from you, such as your name, age, address, telephone number, email, occupation, family, and personal circumstances,
We also collect ‘special categories of personal data,’ such as health data, that are required to plan your treatment.
How do we collect your data?
We collect your data through our website enquiry forms, through telephone conversations we have with you, and in person at our Initial Consultations, therapy sessions, and supervision sessions.
We may also use questionnaires that we ask you to complete and bring back to a subsequent session.
Why do we collect your data?
We collect your data to help us:
• assess and plan your treatment and therapy.
• contact you regarding your ongoing treatment, including logistics of planning therapy sessions.
• inform you of any relevant news, offers and updates.
• contribute to research into Solution Focused Hypnotherapy using the CORP research programme, wherein only the following information is collected and stored:
First initial of the first name, age, gender, condition being treated, and session by session measurements of progress across seven different areas, completed by you.
• contact you regarding supervision matters in the case of practitioners.
Our legal basis for processing your personal data is:
• Consent or contract for personal data, and
• The fact that the processing of the special category of personal data is necessary for the provision of healthcare.
How do we store and protect your data?
We employ strict information security procedures to ensure your personal data is protected from unauthorised access, unlawful processing, and accidental loss, destruction and damage.
Personal data recorded on paper is stored securely in locked filing cabinets, and accessed only by the practitioner for the purposes of planning, reviewing and implementing treatment, or supervision. Only minimal data is store on computer. Any personal data stored on computer is kept securely and password protected.
How long is your data stored for?
In line with the regulations of the governing bodies of the profession, together with indemnity insurance requirements, personal data will be kept safely and in good condition for eight years from the date of the client’s last visit. In the case of children, personal data will be kept until the child’s 25th birthday, or 26th birthday if the client was 17 when the treatment ended. This constitutes a legitimate interest in retaining records for this period. After this time, personal data will be securely destroyed.
Who will we share your data with?
We will not pass on your data to third parties, unless required to do so by law, or in the interests of preventing or reporting harm to self or others.
No client personal data is shared with other practitioners during supervision. Any cases reviewed are done so with the utmost respect and attention to confidentiality.
You have the right to see any of your information and update it at any time.
We will continue to review, update and enhance our Privacy Statement, reflecting our commitment to respect and protect your privacy.